'\" t
.\"     Title: polkit
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: January 2009
.\"    Manual: polkit
.\"    Source: polkit
.\"  Language: English
.\"
.TH "POLKIT" "8" "January 2009" "polkit" "polkit"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
polkit \- Authorization Framework
.SH "OVERVIEW"
.PP
PolicyKit provides an authorization API intended to be used by privileged programs (\(lqMECHANISMS\(rq) offering service to unprivileged programs (\(lqCLIENTS\(rq) through some form of IPC mechanism such as D\-Bus or Unix pipes\&. In this scenario, the mechanism typically treats the client as untrusted\&. For every request from a client, the mechanism needs to determine if the request is authorized or if it should refuse to service the client\&. Using the PolicyKit API, a mechanism can offload this decision to a trusted party: The PolicyKit Authority\&.
.PP
In addition to acting as an authority, PolicyKit allows users to obtain temporary authorization through authenticating either an administrative user or the owner of the session the client belongs to\&. This is useful for scenarios where a mechanism needs to verify that the operator of the system really is the user or really is an administrative user\&.
.SH "SYSTEM ARCHITECTURE"
.PP
The system architecture of PolicyKit is comprised of the
\fIAuthority\fR
(implemented as a service on the system message bus) and a
\fIAuthentication Agent\fR
per user session (provided and started by the user session e\&.g\&. GNOME or KDE)\&. Additionally, PolicyKit supports a number of extension points \(en specifically, vendors and/or sites can write extensions to completely control authorization policy\&. In a block diagram, the architecture looks like this:
.sp
.RS 4
[IMAGE]\&\s-2\u[1]\d\s+2
.sp
.if n \{\
.RS 4
.\}
.nf
 +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
 |   Authentication  |
 |       Agent       |
 +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
 | libpolkit\-agent\-1 |
 +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
        ^                                  +\-\-\-\-\-\-\-\-+
        |                                  | Client |
        +\-\-\-\-\-\-\-\-\-\-\-\-\-\-+                   +\-\-\-\-\-\-\-\-+
                       |                        ^
                       |                        |
User Session           |                        |
=======================|========================|=============
System Context         |                        |
                       |                        |
                       |                    +\-\-\-+
                       V                    |
                     /\-\-\-\-\-\-\-\-\-\-\-\-\e         |
                     | System Bus |         |
                     \e\-\-\-\-\-\-\-\-\-\-\-\-/         |
                       ^        ^           V
                       |        |      +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
        +\-\-\-\-\-\-\-\-\-\-\-\-\-\-+        |      |      Mechanism      |
        |                       |      +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
        V                       +\-\-\-\-> | libpolkit\-gobject\-1 |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+                   +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
| org\&.freedesktop\&. |
|    PolicyKit1    |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
|   Backends and   |
|    Extensions    |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.RE
.PP
For convenience, the
libpolkit\-gobject\-1
library wraps the PolicyKit D\-Bus API using GObject\&. However, a mechanism can also use the D\-Bus API or the
\fBpkcheck\fR(1)
command to check authorizations\&.
.PP
The
libpolkit\-agent\-1
library provides an abstraction of the native authentication system, e\&.g\&.
\fBpam\fR(8)
and also facilities registration and communication with the PolicyKit D\-Bus service\&.
.PP
PolicyKit extensions and authority backends are implemented using the
libpolkit\-backend\-1
library\&.
.PP
See the
\m[blue]\fBdeveloper documentation\fR\m[]\&\s-2\u[2]\d\s+2
for more information about using and extending PolicyKit\&.
.PP
See
\fBpklocalauthority\fR(8)
for information about the Local Authority \- the default authority implementation shipped with PolicyKit\&.
.SH "AUTHENTICATION AGENTS"
.PP
An authentication agent is used to make the user of a session prove that the user of the session really is the user (by authenticating as the user) or an administrative user (by authenticating as a administrator)\&. In order to integrate well with the rest of the user session (e\&.g\&. match the look and feel), authentication agents are meant to be provided by the user session that the user uses\&. For example, an authentication agent may look like this:
.sp
.RS 4
[IMAGE]\&\s-2\u[3]\d\s+2
.sp
.if n \{\
.RS 4
.\}
.nf
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
|                     Authenticate                     [X] |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
|                                                          |
|  [Icon]  Authentication is required to run ATA SMART     |
|          self tests                                      |
|                                                          |
|          An application is attempting to perform an      |
|          action that requires privileges\&. Authentication |
|          as the super user is required to perform this   |
|          action\&.                                         |
|                                                          |
|          Password for root: [_________________________]  |
|                                                          |
| [V] Details:                                             |
|  Drive:  ATA INTEL SSDSA2MH08 (045C)                     |
|  Device: /dev/sda                                        |
|  Action: org\&.fd\&.devicekit\&.disks\&.drive\-ata\-smart\-selftest |
|  Vendor: The DeviceKit Project                           |
|                                                          |
|                                  [Cancel] [Authenticate] |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.RE
.PP
If the system is configured without a
\fIroot\fR
account it may allow you to select the administrative user who is authenticating:
.sp
.RS 4
[IMAGE]\&\s-2\u[4]\d\s+2
.sp
.if n \{\
.RS 4
.\}
.nf
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
|                     Authenticate                     [X] |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
|                                                          |
|  [Icon]  Authentication is required to run ATA SMART     |
|          self tests                                      |
|                                                          |
|          An application is attempting to perform an      |
|          action that requires privileges\&. Authentication |
|          as one of the users below is required to        |
|          perform this action\&.                            |
|                                                          |
|          [[Face] Patrick Bateman (bateman)         [V]]  |
|                                                          |
|          Password for bateman: [______________________]  |
|                                                          |
| [V] Details:                                             |
|  Drive:  ATA INTEL SSDSA2MH08 (045C)                     |
|  Device: /dev/sda                                        |
|  Action: org\&.fd\&.devicekit\&.disks\&.drive\-ata\-smart\-selftest |
|  Vendor: The DeviceKit Project                           |
|                                                          |
|                                  [Cancel] [Authenticate] |
+\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
.fi
.if n \{\
.RE
.\}
.RE
.PP
See
\fBpklocalauthority\fR(8)
on how to set up the local authority implemention for systems without a
root
account\&.
.SH "DECLARING ACTIONS"
.PP
A mechanism need to declare a set of
\(lqACTIONS\(rq
in order to use PolicyKit\&. Actions correspond to operations that clients can request the mechanism to carry out and are defined in XML files that the mechanism installs into the
/usr/share/polkit\-1/actions
directory\&.
.PP
PolicyKit actions are namespaced and can only contain the characters
[a\-z][0\-9]\&.\-
e\&.g\&. lower\-case ASCII, digits, period and hyphen\&. Each XML file can contain more than one action but all actions need to be in the same namespace and the file needs to be named after the namespace and have the extension
\&.policy\&.
.PP
The XML file must have the following doctype declaration
.sp
.if n \{\
.RS 4
.\}
.nf
<?xml version="1\&.0" encoding="UTF\-8"?>
<!DOCTYPE policyconfig PUBLIC "\-//freedesktop//DTD PolicyKit Policy Configuration 1\&.0//EN"
"http://www\&.freedesktop\&.org/standards/PolicyKit/1\&.0/policyconfig\&.dtd">
.fi
.if n \{\
.RE
.\}
.PP
The
\fIpolicyconfig\fR
element must be present exactly once\&. Elements that can be used inside
\fIpolicyconfig\fR
includes:
.PP
\fIvendor\fR
.RS 4
The name of the project or vendor that is supplying the actions in the XML document\&. Optional\&.
.RE
.PP
\fIvendor_url\fR
.RS 4
A URL to the project or vendor that is supplying the actions in the XML document\&. Optional\&.
.RE
.PP
\fIicon_name\fR
.RS 4
An icon representing the project or vendor that is supplying the actions in the XML document\&. The icon name must adhere to the
\m[blue]\fBFreedesktop\&.org Icon Naming Specification\fR\m[]\&\s-2\u[5]\d\s+2\&. Optional\&.
.RE
.PP
\fIaction\fR
.RS 4
Declares an action\&. The action name is specified using the
id
attribute and can only contain the characters
[a\-z][0\-9]\&.\-
e\&.g\&. lower\-case ASCII, digits, period and hyphen\&.
.RE
.PP
Elements that can be used inside
\fIaction\fR
includes:
.PP
\fIdescription\fR
.RS 4
A human readable description of the action, e\&.g\&.
\(lqInstall unsigned software\(rq\&.
.RE
.PP
\fImessage\fR
.RS 4
A human readable message displayed to the user when asking for credentials when authentication is needed, e\&.g\&.
\(lqInstalling unsigned software requires authentication\(rq\&.
.RE
.PP
\fIdefaults\fR
.RS 4
This element is used to specify implicit authorizations for clients\&.
.sp
Elements that can be used inside
\fIdefaults\fR
includes:
.PP
\fIallow_any\fR
.RS 4
Implicit authorizations that apply to any client\&. Optional\&.
.RE
.PP
\fIallow_inactive\fR
.RS 4
Implicit authorizations that apply to clients in inactive sessions on local consoles\&. Optional\&.
.RE
.PP
\fIallow_active\fR
.RS 4
Implicit authorizations that apply to clients in active sessions on local consoles\&. Optional\&.
.RE
.sp
Each of the
\fIallow_any\fR,
\fIallow_inactive\fR
and
\fIallow_active\fR
elements can contain the following values:
.PP
no
.RS 4
Not authorized\&.
.RE
.PP
yes
.RS 4
Authorized\&.
.RE
.PP
auth_self
.RS 4
Authentication by the owner of the session that the client originates from is required\&.
.RE
.PP
auth_admin
.RS 4
Authentication by an administrative user is required\&.
.RE
.PP
auth_self_keep
.RS 4
Like
auth_self
but the authorization is kept for a brief period\&.
.RE
.PP
auth_admin_keep
.RS 4
Like
auth_admin
but the authorization is kept for a brief period\&.
.RE
.RE
.PP
\fIannotate\fR
.RS 4
Used for annotating an action with a key/value pair\&. The key is specified using the the
key
attribute and the value is specified using the
value
attribute\&. This element may appear zero or more times\&. See
\fBpkexec\fR(1)
for an example of how this can be used\&.
.RE
.PP
\fIvendor\fR
.RS 4
Used for overriding the vendor on a per\-action basis\&. Optional\&.
.RE
.PP
\fIvendor_url\fR
.RS 4
Used for overriding the vendor URL on a per\-action basis\&. Optional\&.
.RE
.PP
\fIicon_name\fR
.RS 4
Used for overriding the icon name on a per\-action basis\&. Optional\&.
.RE
.PP
For localization,
\fIdescription\fR
and
\fImessage\fR
elements may occur multiple times with different
xml:lang
attributes\&.
.PP
To list installed PolicyKit actions, use the
\fBpkaction\fR(1)
command\&.
.SH "AUTHOR"
.PP
Written by David Zeuthen
davidz@redhat\&.com
with a lot of help from many others\&.
.SH "BUGS"
.PP
Please send bug reports to either the distribution or the polkit\-devel mailing list, see the link
\m[blue]\fB\%http://lists.freedesktop.org/mailman/listinfo/polkit-devel\fR\m[]
on how to subscribe\&.
.SH "SEE ALSO"
.PP

\fBpklocalauthority\fR(8)
\fBpolkitd\fR(8)
\fBpkaction\fR(1),
\fBpkcheck\fR(1),
\fBpkexec\fR(1),
.SH "NOTES"
.IP " 1." 4
/usr/share/gtk-doc/html/polkit-1/polkit-architecture.png
.IP " 2." 4
developer documentation
.RS 4
\%file:///usr/share/gtk-doc/html/polkit-1/index.html
.RE
.IP " 3." 4
/usr/share/gtk-doc/html/polkit-1/polkit-authentication-agent-example.png
.IP " 4." 4
/usr/share/gtk-doc/html/polkit-1/polkit-authentication-agent-example-wheel.png
.IP " 5." 4
Freedesktop.org Icon Naming Specification
.RS 4
\%http://standards.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
.RE
